Windows XP SP3 includes an update which enables Network Level Authentication (NLA).
Issues can arise when the Remote Desktop Client (RDC, mstsc) connects to Windows Server 2008 R2, depending on both the client and the server platform configuration.
When the server is configured to accept NLA connections, an untrusted certificate may be sent to a client which supports NLA, causing the client to fail authentication. The client prompts for the password a second time and the server subsequently rejects the connection.
To check whether the client is NLA enabled:
Run mstsc.exe, click the icon in the top left corner to display the Window menu, then click About.
The version of the RDC client, the highest supported protocol and NLA support are displayed.
Workaround 1.
Disable credential SSP (CredSSP) support in the client
Open the .rdp file in Notepad and edit or add the following line:
enablecredsspsupport:i:0
The downside of this workaround is that users will not be able to save their user credentials and password.
Workaround 2.
Disable NLA for RDC
Open regedit.
Under HKLM\SYSTEM\CurrentControlSet\Control\Lsa, edit the REG_MULTI_SZ value named Security Packages and remove tspkg from the list.
Under HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders, edit the REG_SZ value named SecurityProviders and remove the following from the end of the list:
, credssp.dll
Use the mstsc About dialog to check that NLA has been disabled.
Entirely remove any enablecredsspsupport:i: entry which is present in the .rdp file.
With this workaround, users can save their passwords.
Note: Windows 7 has NLA enabled by default and there may be no way for users to save RDC credentials.
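Both workarounds turn off NLA on the client, so it is worth being able to see which machines and .rdp files have been changed. The script below is an added example, not part of the original article: it reads the two registry values named in Workaround 2 and, optionally, the .rdp setting from Workaround 1. It assumes PowerShell 2.0 or later on the client; the parameter name RdpFile and the output property names are hypothetical.

```powershell
# Added example: report the client-side CredSSP/NLA settings described above.
param([string]$RdpFile)   # hypothetical parameter: optional path to a .rdp file

$lsaKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$provKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders'

# "Security Packages" is REG_MULTI_SZ, so it is returned as an array of strings.
$packages = @((Get-ItemProperty -Path $lsaKey).'Security Packages')

# "SecurityProviders" is REG_SZ holding a comma-separated list of DLL names.
$providers = @((Get-ItemProperty -Path $provKey).SecurityProviders -split ',' |
    ForEach-Object { $_.Trim() } | Where-Object { $_ })

$hasTspkg   = $packages  -contains 'tspkg'         # -contains ignores case
$hasCredssp = $providers -contains 'credssp.dll'

$rdpState = 'not checked'
if ($RdpFile) {
    $rdpState = 'no enablecredsspsupport entry'
    # Get-Content detects a UTF-16 byte-order mark if the .rdp file has one.
    foreach ($line in Get-Content -Path $RdpFile) {
        if ($line -match '^\s*enablecredsspsupport:i:(\d+)\s*$') {
            if ($Matches[1] -eq '0') { $rdpState = 'CredSSP disabled in file (workaround 1)' }
            else                     { $rdpState = 'CredSSP enabled in file' }
        }
    }
}

# One object per run, so results from several machines can be collected and compared.
New-Object PSObject -Property @{
    Computer                   = $env:COMPUTERNAME
    TspkgInSecurityPackages    = $hasTspkg
    CredsspInSecurityProviders = $hasCredssp
    RdpFileSetting             = $rdpState
}
```

If either registry check reports False, confirm the result in the mstsc About dialog as described above.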